Signal to roll out a new privacy feature in beta, that conceals sender’s identity!

Worried about the privacy of your messages and chats? It’s about time you start considering the use of ‘Signal’. As if end-to-end chat encryption wasn’t enough, Signal is now rolling out a new feature in Beta that will further hide a sender’s “from” information and conceal their identity.

The logic behind implementing this feature is simple- While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is.

First, let’s understand how communication takes place traditionally, prior to exploring this feature.

The traditional method of sending messages

A Signal client sends a message by connecting to the service over TLS, authentication takes place, and the encrypted message contents are sent to the destination. The authentication process is supposed to:

Validate the sender’s identity to help prevent spoofing and help the recipient understand who sent the message.

Use the sender’s identity to apply rate limiting and abuse protection.

The latest beta release is designed to further retain another piece of information of its users: who is messaging whom.

Communication will now take place in 3 simple steps:

The app will hide a sender’s information inside the envelope of an encrypted message using Signal Protocol.

The sender’s “from” information will be removed from outside the message’s envelope. It will be replaced with a short-term certificate, containing the sender’s phone number, public identity key and an expiry time. This will be used to prove a sender’s identity. The whole envelope is encrypted again.

Once the message is delivered, the recipient’s device will validate the certificate and decrypt the message as it normally would without exposing the sender’s identity at any point.

In order to implement the new feature and still ensure authenticity of the sender the following have been included in the short-term certificate:

#1 Sender certificates

To prevent spoofing of messages, clients periodically retrieve a short-lived sender certificate, containing the client’s phone number, public identity key, and an expiration timestamp- thus attesting to their identity. Clients can include the sender certificate when a message is sent, and receivers of the message can easily check its validity.

#2 Delivery tokens

To take steps against abuse, clients derive a 96-bit delivery token from their profile key and register it with the service. The service requires that the clients prove their knowledge of the delivery token for a user in order to transmit messages to that particular user.

Profiles are shared with contacts, other people or groups who users explicitly approve, and in conversations that they create. This allows delivery tokens to be seamlessly exchanged behind the scenes.

Since knowledge of a user’s profile key is necessary to derive that user’s delivery token, this restricts “sealed sender” messages to contacts who are less likely to require rate limits and other abuse protection. Additionally, blocking a user who has access to a profile key will trigger a profile key rotation.

#3 Encryption

Signal Protocol is used to encrypt message contents end-to-end. The “envelope” containing the sender certificate as well as the message ciphertext is also encrypted using the sender and recipient identity keys.

Signal has never retained much of users data. This was proved two years ago when the FBI demanded that Signal turn over all the data it had on one particular user.

But the question is, with social media platforms being misused by criminals to post attack threats, will a feature like this make Signal a haven for unscrupulous elements? Does Signal also have a plan to tackle issues such as hate speech recognition on its platform?

The Beta releases that support sealed sender will be rolling out over the next few days. Users are advised to update all of their devices to use this new feature. Head over to the Signal Blog for more insights on this news.